In my previous blog post, I demonstrated how to use PSRule to validate Azure API Management policies by defining several custom rules, each with specific logic. As a fan of Test Driven Development, I created these rules following a test-first approach. In this post, I’ll walk you through how to write automated tests for these PSRule rules using Pester, a popular testing framework for PowerShell.
I’ve been working with Azure API Management for a while now, and one of the challenges I’ve faced is finding a reliable way to validate the XML policies I write. While tools like SonarQube are excellent for code quality checks, they don’t support the specific checks required for Azure API Management policies. In this blog post, I’ll demonstrate how to use PSRule to validate your Azure API Management policies effectively.
In this third post on working with client certificates in Azure API Management, we’ll focus on securing backend connections with mTLS. We’ll deploy two API Management instances. The first will serve as the backend and require a client certificate for authentication. The second will act as the client. We will call the client using TLS, and it will, in turn, connect to the backend using mTLS.
In this second post, we expand on the solution from the previous post. We’ll deploy API Management inside a virtual network, positioning it behind an application gateway. We’ll configure the application gateway with an mTLS listener to validate client certificates and forward them to API Management for further processing. This approach can also be used with other types of backends, such as an ASP.NET Web API.
This blog post is the start of a series on how to work with client certificates in Azure API Management to setup a mutual TLS (mTLS) connection. While Azure’s official documentation provides excellent guidance on setting up client certificates via the Azure Portal, we’ll dive into utilizing Bicep and the Azure CLI, to automate the process. In this first post, we’ll cover the basics of how to validate client certificates in API Management.